Personal online security is an issue that most users don’t think about too much until something happens. While we like to think that we are safe and sound with our basic antivirus protection, the truth is quite a bit scarier than that. Our devices are under threat of becoming tools for hackers with malicious intent. Distributed Denial of Service (DDoS) attacks, a particularly malicious approach to online crime, use our devices and the growing army of IoT devices as bots to execute attacks, either to harm the owners of the site or to extract a ransom.
DDoS is a form of online attack in which online criminals use devices previously infected by Trojans to flood a target with traffic, ultimately taking the site down in order to prevent legitimate users from accessing it. The reason the attacks are so difficult to prevent is that it is hard to distinguish real traffic from fake traffic, and blocking suspicious IP addresses one at a time is a bit like plugging 100 leaks with 10 fingers.
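To make the “100 leaks with 10 fingers” point concrete, here is a small added example (it is not code from the original post) that runs a naive per-IP rate limit over a constructed access log in which one legitimate client is busy and 500 bots each send only a handful of requests. The log lines, the addresses (all from the TEST-NET documentation ranges) and the thresholds are assumptions made up for the example; the lesson is that per-source blocking flags the wrong host and stops none of the flood, while the aggregate request rate for the window is the signal that actually moves.

```python
from __future__ import annotations
from collections import Counter

# Constructed values for this example (not from the post).
LEGIT_IP = "192.0.2.10"               # one busy but legitimate client
WINDOW_START, WINDOW_LEN = 1_000, 60  # a 60 s analysis window, unix-style seconds


def build_sample_log() -> list[str]:
    """Constructed log lines of the form '<ip> <ts> <path>' covering one 60 s window."""
    lines = []
    # Legitimate client: 30 requests in the window, a heavy but normal user.
    for k in range(30):
        lines.append(f"{LEGIT_IP} {WINDOW_START + 2 * k} /api/items?page={k}")
    # Botnet: 500 distinct source addresses, each sending only 4 requests.
    for i in range(500):
        prefix = "198.51.100" if i < 250 else "203.0.113"
        ip = f"{prefix}.{(i % 250) + 1}"
        for k in range(4):
            ts = WINDOW_START + (i * 7 + k * 15) % WINDOW_LEN
            lines.append(f"{ip} {ts} /")
    return lines


def parse_line(line: str) -> tuple[str, int, str]:
    ip, ts, path = line.split(" ", 2)
    return ip, int(ts), path


def requests_per_ip(lines, start=WINDOW_START, length=WINDOW_LEN) -> Counter:
    """Count requests per source IP that fall inside [start, start + length)."""
    counts: Counter = Counter()
    for line in lines:
        ip, ts, _ = parse_line(line)
        if start <= ts < start + length:
            counts[ip] += 1
    return counts


def per_ip_suspects(counts: Counter, threshold: int) -> set[str]:
    """Naive per-source rate limit: flag any IP above `threshold` requests per window."""
    return {ip for ip, n in counts.items() if n > threshold}


def analyse(lines, per_ip_threshold: int = 20, baseline_rps: float = 1.0) -> dict:
    """Compare a per-IP rule with an aggregate-rate rule over the same window."""
    counts = requests_per_ip(lines)
    suspects = per_ip_suspects(counts, per_ip_threshold)
    total = sum(counts.values())
    rps = total / WINDOW_LEN
    # Ground truth is known here only because we built the log ourselves.
    bot_ips = set(counts) - {LEGIT_IP}
    bot_requests = sum(counts[ip] for ip in bot_ips)
    blocked_bot_requests = sum(counts[ip] for ip in suspects & bot_ips)
    return {
        "distinct_sources": len(counts),
        "total_requests": total,
        "aggregate_rps": rps,
        "aggregate_anomaly": rps > 5 * baseline_rps,   # crude "5x normal" trigger
        "per_ip_suspects": suspects,
        "legit_client_flagged": LEGIT_IP in suspects,
        "bot_traffic_stopped_fraction": blocked_bot_requests / bot_requests,
    }


if __name__ == "__main__":
    for key, value in analyse(build_sample_log()).items():
        print(f"{key}: {value}")
```

Running it shows 501 distinct sources and about 34 requests per second against a baseline of 1, so the aggregate rule fires; the per-IP rule, by contrast, flags only the legitimate client and stops 0% of the bot traffic. Real mitigations work on the aggregate and on traffic shape (upstream scrubbing, anycast, protocol-level filtering) rather than on chasing individual addresses.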
This is going back quite a bit, but this is where it all began. The first worm was developed by accident by a grad student, Robert Tappan Morris. The original goal of the program was to determine the size of the ARPANET (the prototype of the Internet), but due to a coding mistake it started multiplying, treating copies of itself as foreign entities. The whole network crashed, and the grad student was fined and sentenced to community service.
What is interesting about this attack is that it was done by a 15-year-old boy who was in it for the glory and had no interest in making money. What’s not funny about this attack is the fact that it cost the companies that were hit an estimated 1.2 billion dollars! MafiaBoy, which is what this young hacker called himself, was sentenced by the Canadian court to 8 months in the juvenile detention center.
This is the first instance in which DDoS attacks were used for political gain. Because presidential and parliamentary elections were taking place at the time, there was major strife between the pro-government side and the opposition. Both brought their best DDoS game and went after each other’s websites.
This is one of the most powerful attacks in recent history, peaking at 400 Gbps. The target, Spamhaus, deals with antispam and junk mail control, which is why it is often targeted by hackers. During this attack, the focus was on their security network as well as the bandwidth provider for that network. Interestingly enough, it was later discovered that a 13-year-old hacker was involved in this attack.
This attack reached somewhere around 500 Gbps and was started during Hong Kong’s Occupy Central protests. The targets for these attacks were mainly pro-democratic news websites like Apple Daily. While there is a suspicion that the Chinese government was responsible for this attack, there is no proof of this and it very well may be some other party attempting to set them up.
How do you hurt a major news network? Well, collapse their entire domain, including their on-demand and radio services, on New Year’s Eve. The group responsible for this attack, which goes by the name “New World Hackers”, claimed that it was a test of their capabilities and estimated the power of their attack at 600 Gbps, but this was later proven to be false. Nevertheless, the BBC was down for three hours and had trouble throughout that entire day.
This is, up to this point, the biggest and scariest DDoS in recent history. The target was Dyn, a company that controls the majority of DNS (domain name system) for the US web. The strength of the DDoS peaked at an astonishing 1.2 Tbps and brought down major sites like Twitter, Reddit and Netflix. What is revolutionary about this attack is that it utilized devices that are not commonly used for this kind of attack.
Namely, the hackers used internet of things (IoT) devices as their primary source of attack traffic. In this case, cameras, DVRs and similar devices that have low security, and whose users did not change the default passcodes, were turned into bots. The estimate was that around 100,000 of these devices were networked to deploy the attack. In essence, an entire zombie DDoS army of bots made of household appliances.
If we take a look at the Mirai situation, we can easily see where things are going. DDoS attacks are executed with a variety of motivations, and the code to conduct an attack has become easier to find and deploy. The Mirai code was released by the hacker known as Anna-senpai last October, and since then either it or a variant of the code has been used to conduct a variety of minor attacks and several major ones, including attacks on Liberia’s internet infrastructure, Deutsche Telekom, TalkTalk and others.
Thus, the same code that was used to bring down Dyn and Brian Krebs’ website last October has been released, productized into easy-to-use code or kiddie scripts widely available on GitHub, and has a potential army of hundreds of thousands of IoT devices, including baby monitors and remote video cameras, that still use the factory default settings.
Each year seems to bring a new challenge to IT security leaders and analysts and it appears 2017 will be the year of the DDoS attack.